Qualcomm Fixes Zero-Day Security Vulnerabilities Used By Hackers, Cybercriminals

Smartphone users will have to wait for device manufacturers to roll out security patches for these three zero-day flaws.

Written by David Delima | Updated: 4 June 2025 14:29 IST

Qualcomm Fixes Zero-Day Security Vulnerabilities Used By Hackers, Cybercriminals

Photo Credit: Pixabay/ @andrekheren

Qualcomm has not disclosed which products are impacted by the security flaws

Highlights

Qualcomm has patched multiple security flaws
Three of these were zero-day vulnerabilities
Qualcomm says it shared patches for these flaws with OEMs in May

Qualcomm has patched multiple security flaws discovered in its products, including three zero-day vulnerabilities. The US chipmaker recently announced that these flaws might have been exploited by hackers to target affected devices. Users will have to wait for device manufacturers to roll out Qualcomm's patches for the vulnerabilities that impact the Adreno graphics processing unit (GPU) driver on affected devices. Google Pixel devices that are equipped with the company's own Tensor chips, are reportedly unaffected by the security flaws.

Qualcomm Says Hackers May Have Exploited Zero-Day Flaws

A security bulletin published on Monday reveals that Qualcomm has patched 10 proprietary software issues. The company has assigned two of these flaws a 'Critical' security rating, while the others are marked as 'High'. These issues are linked to graphics, core, the data network stack and connectivity, Wi-Fi hardware abstraction layer (HAL), and the Bluetooth host.

Out of the 10 security vulnerabilities patched by Qualcomm, the chipmaker has revealed that three zero-days (previously unknown flaws) may have been exploited by hackers in a targeted campaign. These are CVE-2025-21479 (Incorrect authorisation in graphics), CVE-2025-21480 (Incorrect authorisation in graphics windows), CVE-2025-27038 (Use after free in graphics).

CERT-In Warns Users of These Security Flaws in Google Chrome for Desktop

The descriptions of these security flaws suggest that hackers could leverage them to gain unauthorised access to a target's smartphone. These flaws are regularly discovered and patched by chipmakers, who have access to the proprietary code for their chipsets.

Qualcomm has credited Google's Threat Analysis Group (TAG) with discovering and reporting these flaws, which were subsequently patched. A Google spokesperson told TechCrunch that these security flaws do not affect the company's Pixel phones, which run on in-house Tensor chips.

While the security flaws have been patched by Qualcomm, they still need to be rolled out to user's devices via software updates. The chipmaker says it shared these patches with OEMs in May and urged them to issue security updates for devices "as soon as possible". As a result, users will have to wait until a software update is ready for their devices, and this process could take weeks.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Qualcomm, Security Vulnerabilities, Adreno, Security Flaws

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via... more »